Ensure that the "Restrict access to Azure AD administration portal" policy is set to "Yes" within your Azure Active Directory (AD) settings to deny access to the Azure AD administration portal for all non-administrator users. This setting applies to the administration portal only; enabling it does not restrict access through PowerShell or another client such as Microsoft Visual Studio. By default, "Restrict access to Azure AD administration portal" is set to "No".
This rule resolution is part of the Cloud Conformity Security & Compliance tool for Azure.
The Azure Active Directory administration portal provides access to sensitive or private information. All non-admin users should therefore be prohibited from accessing any Azure AD resource or information available on the administration portal, in order to avoid data exposure.
Audit
To determine if non-admin users have access to the Azure AD administration portal, perform the following actions:
Note: Fetching "Restrict access to Azure AD administration portal" configuration setting status using Microsoft Graph API or Azure CLI is not currently supported.
Remediation / Resolution
When "Restrict access to Azure AD administration portal" is set to "Yes", only Azure Active Directory administrators can access the administration portal, which protects AD data from unauthorized users. To enable the required setting, perform the following actions:
Note: Restricting non-administrator users' ability to access the Azure AD administration portal using Microsoft Graph API or Azure CLI is not currently supported.
References
You are auditing:
Restrict Non-Admin Access to Administration Portal
Risk level: Medium